
The KVM switch has configurable features, but the configuration is not protected from modification with a DOD compliant password.


Overview

Finding ID: V-6681
Version: KVM01.007.00
Rule ID: SV-6843r1_rule
IA Controls: IAIA-1, IAIA-2
Severity: Medium
Description
If the KVM switch is configurable, some of the available features, such as auto toggling between attached ISs, are not permitted. If the configuration is not protected by a password, any user can modify it and enable features that are not permitted. This can lead to the compromise of sensitive data. If the KVM switch has configurable features, the IAO or SA will ensure that the configuration is protected from modification with a DOD compliant password.
STIG: Keyboard Video and Mouse Switch STIG
Date: 2014-08-04

Details

Check Text (C-2631r1_chk)
If the KVM switch is configurable, the reviewer will, with the assistance of the SA, try to change the configuration with a random password and with no password.
Note: the emphasis here is on the protection of the configuration, not the technique. If the configuration is protected as a function of a privileged userid/password sign-in to the KVM switch, or by DOD PKI (for network attached KVM switches), this fulfills the requirement.

Fix Text (F-6271r1_fix)
If the KVM switch’s configuration can be protected by a password, including userid/password combinations or PKI for network attached switches, create a DOD compliant password to protect the configuration.
If the KVM switch’s configuration cannot be protected by a password, including userid/password combinations or PKI for network attached switches, replace it with a KVM switch that either has no configuration or has a configuration that can be protected by a password.